A few weeks ago my bank account was hacked. It’s not a great feeling knowing that someone you don’t know has accessed your personal information.

However, the bank was able to assure me the rogue transactions will be refunded and I can still bank online.

The experience highlighted an apparent contradiction. Even though we face the prospect of personal data loss in our online transactions, this acceptance of risk is notably absent when it comes to interaction with our personal health data.

Seeking consent

There is a complex legal framework governing the use of personal confidential data in healthcare. If data contains any information that might identify a data subject, in other words if it is not anonymised, the consensus is that explicit consent must be sought from that individual.

The requirement to gain consent or anonymise is just one interpretation of the legal framework rather than a strict legal requirement. There is recognition of the public interest by allowing some forms of research to be undertaken using identifiable data without requiring explicit consent.

Much health services research in the NHS is already carried out under these provisions. You can read more about the legal framework in this Nuffield Trust publication here.

There are good examples of how it is possible to share anonymised information without falling foul of information governance

The issue of data sharing has become polarised with those arguing it is fine to link data because patients would expect the NHS to improve patient care and others who are too cautious to make a bold decision in favour of all patients. In practical terms, this lack of clarity means researchers and NHS organisations have opted to exercise caution and seek explicit consent in order to avoid the possibility of legal sanctions.

That said, there are some good examples of how it is possible to share anonymised information without falling foul of information governance. The NHS South West Commissioning Support Unit has managed to get 13 health and social care organisations to share data, with the appropriate governance arrangements in place.

Sharing data

At Beautiful Information, based at East Kent University Hospitals Foundation Trust, we believe sharing data is the best way for information to provide a clear call to action. It has helped us to improve the ability of our own and other NHS organisations to understand and manage performance.

We now share our data with the community trust, hospice and clinical commissioning group. This means, for example, we can start to flag up those patients who are turning up in our Emergency Department who should really be avoiding hospital admission.

We share data purely to improve patient care, not for research or for contracting purposes. This has made it much simpler to navigate information governance requirements.

So how do we do this? We typically take feeds of patient lists every night from the community trust and the hospice and link this to our current patient list in the data warehouse.

Every time a patient comes into the ED we are able to check each whether the patient is currently a client of the community trust or the hospice and is therefore in an inappropriate setting. If the patient is a client we then send a message to the provider who can make sure they work with us to put in place the appropriate discharge plan so they don’t become stuck in an acute setting.

This information is shared in real-time between our providers and now also to our CCG colleagues. In the past they would have been completely unsighted as to whether their patients were admitted into an inappropriate acute setting.

We know this sort of initiative is better for patients and NHS England is putting its weight behind data sharing with its impending clinical utilisations reviews. The bottom line is that data has to be shared by different providers.

However, the issue of data sharing is still a stumbling block for many. Perhaps we ought to be more explicit and say that in return for a healthcare system free at the point of care, we should accept that our health data can be shared for non-commercial research purposes.

As director of information at the trust I want to be able to share data with local organisations so we can all act on it to improve patient care and outcomes without losing sleep at night over information governance.

Marc Farr is director of information at East Kent University Hospitals Foundation Trust

Evidence is one factor that helps to “de-risk” an innovation and accelerate its adoption and spread, but there are a range of assurances and mitigations that can support and speed up successful implementation, says Dr Amanda Begley